<?php
require_once "../lib/common.php";
$response = array();

$user = Login::getLoggedIn();
if ($user == null) {
    error_die("you are not logged-in");
}

if ( ! empty($_POST) ) {
    if (isset($_POST['contact'])) { $_POST['contact'] = htmlentities($_POST['contact']); }
    if (isset($_POST['address'])) { $_POST['address'] = htmlentities($_POST['address']); }
    if (isset($_POST['creditcard'])) { $_POST['creditcard'] = htmlentities($_POST['creditcard']); }
    if (isset($_POST['note'])) { $_POST['note'] = htmlentities($_POST['note']); }
    if ( isset($_POST['makeorder'])) {
        $items = $user->carts;
        if (empty($items)) {
           error_die("shopping cart empty");
        }
        $order = new Order();
        $ret = $order->update_attributes_filter($_POST,$order->attributes());
        if (! $ret) {
           error_die("invalid data");
        }
        $order->user_id = $user->id;
        $order->save();
        foreach ($items as $item) {
            $orderItem = new OrderItem();
            $orderItem->order_id = $order->id;
            $orderItem->book_id = $item->book_id;
            $orderItem->quantity = $item->quantity;
            $ret = $orderItem->save();
            if ( ! $ret ) {
                error_die("internal problem while making the order, sry, please contact staff");
            }
            $item->delete();
        }
    } else if ( isset($_POST['remove']) || isset($_POST['mark_dispatched'])) {
        if ($user->employee != 1) {
            error_die("access denied");
        }
        if (isset($_POST['mark_dispatched']) && isset($_POST['id'])) {
            try {
                $order = Order::find($_POST['id']);
                $order->dispatched = 1;
                $order->creditcard = "*";
                $order->save();
            } catch (ActiveRecord\RecordNotFound $e) {
                error_die("order not found");
            }
        } else if (isset($_POST['remove']) && isset($_POST['id'])) {
            try {
                $order = Order::find($_POST['id']);
                if ($order->order_items) {
                    foreach ($order->order_items as $item) {
                        $item->delete();
                    }
                }
                $order->delete();
            } catch (ActiveRecord\RecordNotFound $e) {
                error_die("order not found");
            }
        }
    }
} else {
    if ($user->employee != 1) {
        error_die("access denied");
    }
    $faux = new Order();
    $response['attributes'] = array_keys($faux->attributes_but(array("user_id","created_at")));
    array_push($response['attributes'],"user");
    array_push($response['attributes'],"price");
    array_push($response['attributes'],"items");
    array_push($response['attributes'],"created_at");
    unset($faux);
    $orders = Order::all();
    $orders_collection = array();
    foreach ($orders as $order) {
        $attrs = $order->attributes_but(array("user_id","created_at"));
        $attrs['items'] = array();
        $attrs['price'] = 0;
        if ($order->order_items) {
             foreach ($order->order_items as $item) {
                 $item_attrs = array();
                 if ($item->book) {
                    $item_attrs['item'] = $item->book->attributes();
                    $attrs['price'] += $item->book->price * $item->quantity;
                 } else {
                    $item_attrs['item'] = array("id"=>0,"title"=>"&lt;book deleted&gt;");
                 }
                 $item_attrs['quantity'] = $item->quantity;
                 array_push($attrs['items'],$item_attrs);
             }
        }
        if ($order->user) {
            $attrs['user'] = $order->user->attributes();
        } else {
            $attrs['user'] = array("id"=>0,"name"=>"-user deleted-",
              "email"=>"-user deleted-");
        }
        $attrs['created_at'] = $order->created_at->format('Y-m-d');
        array_push($orders_collection,$attrs);
    }
    $response['collection'] = $orders_collection;
}

if (!empty($response)) {
    echo json_encode($response);
}
?>
